Installing MBPM communicating across domains

We are currently installing MBPM in an environment where MBPM will be sitting in ONE domain and the forms will be executing from a completely separate domain using the ECL. We need to know how to set up the designer and ECL NOT to use Windows authentication. We currently have the setup using TCP/IP configuration. I know Tony Wheeler helped us to set this up previously but I can't find the article he posted on this.

Comments

  • It sounds like your ECL.WS and your ECL app are on different domains so you will need to open the ~\ECL.WS\web.config and find this section:

     




     

    And change it to this:

     




     

    This transport-layer Windows authentication is separate from the IIS authentication settings, which should also be set to anonymous for the ECL.WS. This will not allow anonymous logins; it only allows non-domain computers to connect to the ECL.WS. A valid session must still be created in your application.

  • Sorry it's taken so long to reply to this, but I've been dealing with a much larger issue the last several weeks, which put this issue on hold since it's not in production yet.

    Now I remember the issue we solved previously and that still needs to be resolved. We were working on getting the designer to not use Domain Authentication when deploying to a different domain since we will be dealing with 3 domains also.

     

    Any help you can provide for this?

  • I might have posted this elsewhere on the forums, but our documentation suggests adding your Windows user to the server. Once your local user (machinename\username) exists on the server, it will work. But only if the passwords match.

    Another way I figured out is to disable the Windows auth on the connection entirely, much like I suggested for the ECL.WS above.

     

    To do this, you'll need to modify the ~\BPM\Designer\Designer.exe.config on the client/Designer machine and the ~\BPM\Deployment\DeploymentService.exe.config on the BPM server.

     

    DeploymentService.exe.config:

    Look for the following section:

    <binding name="NetTcpBinding_Deployment" portSharingEnabled="true" maxReceivedMessageSize="2147483647">
    

    Add the following within the <binding> element:

    <security mode="None">
        <transport clientCredentialType="None"/>
    </security>
    

    Restart the DeploymentService for the changes to take effect.

    Designer.exe.config:

    Look for the following section:

    <binding name="deploymentService_defaultNetTcpBinding"
    

    Add the following within the <binding> element:

    <security mode="None">
        <transport clientCredentialType="None"/>
    </security>
    

    Reopen Designer for the changes to take effect.

     

    The only caveat is that because all Designer connections will use the same binding you will either need to remove the security mode setting from the Designer.exe.config to deploy to an unmodified server on the domain OR modify all of your servers to use the same security mode for the NetTcpBinding_Deployment binding. So in your case you'd want to update all the servers' configs as above so that your modified Designer could connect to all of them.
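
Added example (not part of the original thread and not Metastorm code): a Python check for the caveat in the comment above, comparing the security mode of the server's NetTcpBinding_Deployment binding with the Designer's binding and flagging any side that runs net.tcp with security mode None. The sample XML is constructed; only the two binding names come from the thread, and the Transport/Windows fallback is the WCF default for a netTcpBinding without a <security> element.

```python
import xml.etree.ElementTree as ET

# Constructed sample configs (not from a real install). Only the binding
# names come from the thread; the surrounding layout is standard WCF config.
SERVER_CONFIG = """<configuration><system.serviceModel><bindings><netTcpBinding>
  <binding name="NetTcpBinding_Deployment" portSharingEnabled="true">
    <security mode="None"><transport clientCredentialType="None"/></security>
  </binding>
</netTcpBinding></bindings></system.serviceModel></configuration>"""

DESIGNER_CONFIG = """<configuration><system.serviceModel><bindings><netTcpBinding>
  <binding name="deploymentService_defaultNetTcpBinding"/>
</netTcpBinding></bindings></system.serviceModel></configuration>"""


def tcp_security(config_xml, binding_name):
    """Return (mode, clientCredentialType) for one netTcpBinding entry."""
    root = ET.fromstring(config_xml)
    for b in root.iterfind(".//netTcpBinding/binding"):
        if b.get("name") != binding_name:
            continue
        sec = b.find("security")
        # WCF default when <security> is absent: Transport security
        # with Windows credentials.
        if sec is None:
            return "Transport", "Windows"
        mode = sec.get("mode", "Transport")
        if mode == "None":  # no transport security, so no credential is used
            return "None", "None"
        tr = sec.find("transport")
        cred = tr.get("clientCredentialType", "Windows") if tr is not None else "Windows"
        return mode, cred
    raise KeyError(binding_name)


def audit(server_xml, designer_xml):
    """List mismatches and unauthenticated bindings for one server/Designer pair."""
    srv = tcp_security(server_xml, "NetTcpBinding_Deployment")
    dsg = tcp_security(designer_xml, "deploymentService_defaultNetTcpBinding")
    findings = []
    if srv != dsg:
        findings.append(f"mismatch: server={srv} designer={dsg}")
    for label, (mode, _) in (("server", srv), ("designer", dsg)):
        if mode == "None":
            findings.append(f"{label}: net.tcp has no authentication or encryption")
    return findings
```

With security mode None the deployment endpoint accepts any client that can reach the port, so the findings list doubles as an inventory of servers whose net.tcp port needs to be restricted at the firewall.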

  • Thanks,

    This worked well for two of the servers but our Cert and Prod servers aren't responding to Telnet on port 808 even after changing the security. I need to look into this and I may even have to reinstall.

  • It might just be a firewall issue. If needed, you can change the port number used by the Deployment Service:

     

    /awd/forums/questions/3401990

     

        To customize the port number used by the Deployment Service, the following changes need to be made:
        In \Program files\Metastorm\BPM\IIS extensions\DeploymentServiceConfig.xml, specify the port number in this line:
        net.tcp://localhost:portnumber/Deployment
        In \Program Files\Metastorm\BPM\Deployment\Metastorm.Deployment.Core.addin, specify the port number in this line:
        net.tcp://localhost:portnumber/Deployment/DeploymentService
        In \Program Files\Metastorm\BPM\Deployment\Metastorm.Deployment.Libraries.addin, specify the port number in this line:
        net.tcp://localhost:portnumber/Deployment/LibraryStore
        In \Program Files\Metastorm\BPM\Deployment\Metastorm.Deployment.Projects.addin, specify the port number in this line:
        net.tcp://localhost:portnumber/Deployment/ProjectStore